redundant attributes in IdPs SAML assertion

Cantor, Scott cantor.2 at osu.edu
Tue Jun 10 23:31:16 EDT 2014


On 6/10/14, 10:50 PM, "David Bantz" <dabantz at alaska.edu> wrote:
>
>With MCB, Duo, and LDAP caching in my IdP 2.4.0, I am seeing double or
>triple (if 2FA) copies of eduPersonAffiliation in the SAML assertion:

I use caching myself, even with LDAP, so I would tend to conclude that
it's the rest of those pieces I don't use that are implicated.
Particularly that extra third copy.

I don't really understand how that's possible unless they're tampering
with the resolution results given back to the regular profile handler. I
run the resolver myself inside a login handler, but that set of results
has nothing whatsoever to do with the result that comes back later. I
don't see how they can mix.

-- Scott



